AWS, Microsoft Receive Highest-Level FedRAMP Approval

Government agencies now have the ability to run workloads using their most sensitive data on Amazon Web Services (AWS), and Microsoft Azure public cloud.
Each company announced that they were each accredited with the highest level compliance by Federal Risk and Authorization Management Programs (FedRAMP) on Thursday. CSRA, a provider of IT services to government agencies, has also received the long-awaited FedRAMP Joint Authorization Board JAB Provisional Authority to Operate.
These approvals, long-awaited, allow federal agencies to host sensitive, high-impact workloads on three companies’ public cloud. This includes financial data, personally identifiable information, and other unclassified content. The certification covers 400 security controls.
AWS and Microsoft Azure are FedRAMP-compliant since several years. However, they can only be used for low-level or moderate workloads. In a blog post, Susie Adams, chief technology officer at Microsoft Federal, stated that the upgraded FedRAMP status certifies approved cloud platforms have “controls to securely process high impact level data — data that, if leak or improperly protected, could have severe adverse effects on organizational operations and assets or individuals.”
Teresa Carlson, AWS’ public sector vice president, stated that the AWS cloud is used by more than 2,300 government customers around the world. Carlson stated in a statement that agencies can use the AWS Cloud to secure a wider range of critical mission applications and innovations by demonstrating its security with the FedRAMP High baseline.
According to AWS, this baseline is “mapped to National Institute of Standards and Technology security controls (NIST), which classify data with ‘High’ if a breach would severely impact an organization’s operations, assets, or individuals.”
According to the company, the FedRAMP High accreditation for AWS covers the “AWS GovCloud US (US) region including Amazon Elastic Cloud Compute(EC2), Amazon Virtual Private Cloud [VPC], Amazon Simple Storage Service [S3), Amazon Identity and Access Management, (IAM), and Amazon Elastic Block Store (“EBS”) regions.
It covers 13 services that Microsoft offers to customers, Adams said. These include Azure Key Vault and Express Route, as well as Web Apps. Adams also noted that it “represents a significantly faster pace of accreditation for the benefit of Federal clients.”